Information obligation according to Art. 13 and 14 GDPR
EIKONA Mobile Apps GmbH, as the processor for the responsible party using the AndroidAPP, has implemented numerous technical and organisational measures in order to ensure that the personal data processed via this AndroidAPP is protected as completely as possible. Nevertheless, internet-based data transmissions can generally have security gaps, so that absolute protection cannot be guaranteed. For this reason, you as the person concerned are free to transmit personal data to us by alternative means, for example by telephone or mail. However, the use of APP inevitably requires internet-based data transmission.
The data protection declaration of EIKONA Mobile Apps GmbH is based on the terminology used by the European guidelines and ordinances when the General Data Protection Regulation (DSGVO) was issued. The detailed definitions can be found in Art. 4 DSGVO. Essentially, these are the following terms, described here in simplified form:
a) personal data
This is all the information available to us as processors to identify you as a natural person. (e.g. name, address, e-mail, telephone number, IP address, etc.)
b) person concerned
This is you as a natural person if we have identified you or can identify you.
Processing is any capturing, storing, processing, forwarding, archiving and deleting of data. It is irrelevant whether the process is carried out automatically with the aid of IT systems or whether it is done manually (e.g. by letter).
d) Restriction of processing
Restriction of processing is the marking of stored personal data with the aim of restricting their future processing.
Profiling is any type of automated processing of your data, which consists of using this data to evaluate certain personal aspects relating to you. In particular, to analyse or predict aspects relating to your job performance, economic situation, health, personal preferences, interests, behaviour, whereabouts or change of location.
This is a process to provide your personal data with an identifier. Furthermore, only this identifier is then used and without the original key or a "reference database" this pseudonym cannot be resolved. (e.g. allocation of a customer number)
Controller or data controller, you are the one who uses the application and decides which data should or should not be processed by the APP. The decisive factor is that you can decide independently on the processing procedures and means.
h) data processor
EIKONA Mobile Apps GmbH is a contract processor because we have been commissioned to support you in the collection, processing, storage, forwarding or deletion of your data. In general, these are mostly IT service providers but also disposal companies, which are e.g. commissioned with the destruction of documents.
The recipient is a natural or legal person, authority, institution or other body to whom your data is disclosed, whether or not it is a third party. However, authorities which may receive personal data in the course of a specific investigation, in accordance with Union or national law, are not considered to be recipients.
j) third party
Third party means any natural or legal person, public authority, agency or other body other than you, the controller, the processor and the persons authorised to process the personal data under the direct responsibility of the controller or the processor.
Consent is any expression of will given by you for a specific individual case. You will be fully informed about what you are consenting to.
2. Name and contact of the controller
The responsible within the meaning of the GDPR for providing the HABBL App is:
EIKONA Mobile Apps GmbH
Am Alten Bahnhof 8
Tel.: +49 (9381) / 71 69 5-0
3. Contact details of the data protection officer
You can reach our data protection officer at the following contact details:
EIKONA Systems GmbH
Data Protection Officer – Confidential –
Am Alten Bahnhof 8
Phone: +49 9381 71 77 8 - 59
4. Purpose of the personal data and legal basis of the processing
In connection with the use of the HABBL App, we process the following personal data from you and on your behalf.
Description of data types beginning with version 1.8.6.
We need access to the accounts of your device in order to be able to identify you or this device for linking with other users of the habbl world. When you log in, your login data (username, password and e-mail address) for the HABBL App will be saved in an account file on the device. This data will be deleted when the app is uninstalled.
- Search, add or remove accounts on the device
- Create accounts and set passwords
- Get phone status and identity
The HABBL app needs access to the contacts stored on the device in order to store the phone number of the device or the SIM card in the device in the login of the HABBL app during the installation. After that, the app no longer accesses your contacts.
- Phone number of the device/the SIM card
The app requires access to the location of your device to enable Track and Trace. This allows the portal to track the position of the device on the live map and calculate an ETA. In addition, geofences can be defined that can be used in the app in various ways.
For a location query, for example, we collect your current location via GPS in order to quickly provide you with information about your immediate or upcoming tour. You have the possibility to set the transmission of the location both from the side of the device and from the side of the app. Depending on the function of the app and your release of the location data in the app and in the device settings, the location will be transmitted to the habbl users connected with your app and the HABBL Server and may be passed on to third parties (e.g. customers) via this habbl user.
- Time of query
- Approximate location (network-based)
- Exact location (GPS and network based)
In the context of tour editing, photos can be created, accepted, read out and saved. These photos are stored on a storage medium of the device. When a tour is removed/completed within the HABBL App, the associated files are transferred to the HABBL Server and then deleted from the local memory of the device.
Access to the storage media of the device is required to store photos, signatures or documents for a job. When a tour is removed/completed, the associated files are transferred to the HABBL server and deleted from the local storage.
- Read memory contents
- Change or delete memory contents
The app requires access to the camera function of the device in order to take photos of a tour for verification and documentation purposes or to read barcodes.
- Capturing Images and Videos
WLAN connection information
You can give the app access to WLAN connection information if you do not necessarily want to transmit large amounts of data over a clocked connection (mobile phone contract), but want to be able to better control the time of transmission.
- Retrieve WLAN connections
- Retrieve network connections
- Retrieving data from the Internet
This authorisation is required to enable communication via the Internet.
- Execute at startup
Required to provide the Background functionality even without starting the app interface.
- Control vibration alarm
This functionality enables the HABBL App to provide the user with a haptic notification of events when new or updated data is available.
- Deactivate hibernation mode
This authorisation is required to enable communication with the HABBL servers even in the background.
- Read Google service configuration
This permission is required to enable push messages and to determine whether a particular Google service is available.
Aggregated statistical data
EIKONA Mobile Apps GmbH summarises user data in the context of statistical evaluations of HABBL Portal and HABBL APP use to so-called anonymised, aggregated data as far as possible without concrete personal reference. This data is used for the further development of functionalities or for troubleshooting in the event of system faults.
Legal basis of the data processing
The legal basis for the processing of your personal data results from the following articles of the GDPR:
The processing of the personal data of the HABBL App user is based on Article 6 Paragraph I lit. b of the GDPR. This states that data processing is lawful and permissible in the context of the initiation, execution and conclusion of a contract. Depending on the nature and origin of the data concerned, the basis of the processing can therefore be either the contract between the sender and the recipient of a freight processed via HABBL, the contract between the sender or recipient and the carrier or a subcontracting relationship between a party involved in the supply chain and the person authorised to carry out the contractual obligations. For example, the shipper or the transport company (company) sending the HABBL App user an "invitation to App" is in this context the contractual partner of the operator of the HABBL portal. This company has concluded a HABBL user contract with the operator of the HABBL portal, which is the substantiating document here.
If the HABBL App user (e.g. sole proprietorship/freelance driver) has downloaded the App from the Google Play Store, the data processing of the user data up to the link with a HABBL Portal user takes place on the basis of Art. 6 para. I lit. a GDPR with the consent of the HABBL App user.
Due to legal obligations to provide IT security for the HABBL application (HABBL App and HABBL Portal), EIKONA Mobile Apps GmbH collects so-called log files (files in which, for example, technical information on usage data or data transfers is stored). EIKONA Mobile Apps GmbH processes this information on the basis of Art. 6 Para. I lit. f of the GDPR in order to be able to counter legal claims against us and to guarantee the security of its IT systems.
As far as possible, the aggregated statistical data from the HABBL App and the HABBL portal is processed only in pseudonymised form and thus on the basis of Art. 89 Para. 1 GDPR, if applicable in conjunction with § If a pseudonymisation is not possible, it is carried out on the basis of Art. 6 Para. I lit. f GDPR on the basis of a justified interest of EIKONA Mobile Apps GmbH to use the statistical data for the purpose of evaluating its own services and developing new services. For the aggregated data categories, the need for protection of the natural persons concerned (the HABBL App user) is weighed up in advance. However, since only aggregated data is processed here, there is no risk to the personal rights of individual HABBL App users.
5. Recipients or categories of recipients of personal data
EIKONA Mobile Apps GmbH is the provider of the HABBL App, which facilitates tour ordering, processing and follow-up for freight forwarders, transport companies and self-employed drivers. EIKONA Mobile Apps GmbH does not transfer data to third parties who are not members/users of HABBL App and the associated HABBL portal.
Due to various export interfaces, there is the possibility of data transfer by other HABBL users (companies, hauliers, transport companies). However, EIKONA Mobile Apps GmbH has no influence on this and is therefore not liable. All HABBL Portal users guarantee that data exports will be handled in accordance with data protection regulations within the framework of their contractual and usage conditions.
In addition, end users can grant other users (e.g. customers or clients) access to their data such as tour information, status messages, GPS positions via the HABBL Portal. EIKONA Mobile Apps GmbH has no influence on this either and is not liable.
Should a criminal investigation authority contact EIKONA Mobile Apps GmbH and demand the surrender of personal data after presentation of a corresponding legal document (e.g. criminal prosecution order/warrant of arrest) and should EIKONA Mobile Apps GmbH be obliged to cooperate with this criminal authority, the data processing will be carried out on the basis of Art. 6 Paragraph I lit. c of the GDPR.
6. Storage location and third country transfer
The databases behind the HABBL App and the HABBL Portal are located exclusively on servers within the territory of the Federal Republic of Germany and are therefore subject to the provisions of the GDPR and the Federal Data Protection Act.
EIKONA Mobile Apps GmbH does not transfer the data transferred to the HABBL servers to third parties outside the European Union and the extended economic area of the EEC.
HABBL Portal users (e.g. freight forwarders, transport companies) who maintain a branch or subsidiary outside the European Union and the EEA or who leave this area with their terminal equipment and initiate or request a data transfer outside this area are responsible for handling this data within their company structure in a data protection compliant manner. It is pointed out to make appropriate data protection compliant regulations (e.g. Binding Corporate Rules).
Where service providers in countries outside the EU and the EEA who operate independently are called in, it is also the responsibility of the HABBL Portal user to ensure that these service providers comply with the provisions of the GDPR.
7. Duration of data storage
Tour-related data such as carriers, pictures, signatures and documents are only stored in the HABBL app until the tour is marked as "Completed" or "Cancelled" and the app transfers the required data to the HABBL portal. On the central server side, this data is retained for 1 year by the HABBL portal user to fulfil our documentation obligations, unless the HABBL portal user transfers the tour data to his own or an external document management system, in which he can retain the data for up to 10 years for tax law purposes.
System-related data, such as registration data, are only stored on the mobile device for the duration of app use (period between installation and uninstallation). On the server side, the user's system-related data (identification, mobile phone number, linked company) are stored for as long as the App is installed. After uninstallation, this profile data is blocked and deleted after a period of 1 year (to defend against recourse claims or to log on to the HABBL system again).
8. Data security
EIKONA Mobile Apps GmbH uses the widely used SSL (Secure Socket Layer) procedure for data transfers from the HABBL App to the HABBL portal in conjunction with the highest encryption level supported by your device. As a rule, this is a 256-bit encryption. If your device does not support 256-bit encryption, we use 128-bit v3 technology instead.
We also use suitable technical and organisational security measures to protect your data against accidental or deliberate manipulation, partial or complete loss, destruction or unauthorised access by third parties. Our security measures are continuously improved in line with technological developments.
9. Right of access, correction, deletion, restriction, opposition, data transferability
In accordance with Chapter 3 of the GDPR, you as the party concerned have the rights listed below. In order to fulfil our obligations in connection with your rights in accordance with the law, please address the relevant enquiries to our data protection officer.
Art. 15 Right to information
You have an unlimited right to demand information about the personal data processed by you. This information must be provided to you free of charge. You may request information about the following information, copies of which must also be sent to you:
- the purpose of processing your data,
- the categories of the data,
- the internal and external recipients of your data,
- the duration of the data storage,
- their rights under Chapter 3, in connection with data processing,
- the origin of the data, if they have not been collected from you,
- whether a profile was created,
- whether your data has been transferred to a third country (non-EU and non-EEA),
- which data protection authority is responsible for our respective company.
Art. 16 Right to rectification
If we should process wrong data from you, you can have these corrected at any time with your contact person.
Art. 17 Right to cancellation
You have the right to demand the deletion of your personal data at any time. We may be required by law to retain your data for a certain period of time (e.g. 6 years for business mail or 10 years for tax related documents), in which case we will block your record until the retention period expires and then delete the record accordingly. Please address your request for deletion to the data protection officer, who will exercise your rights in our company on your behalf.
Art. 18 Right to limitation of processing
If you dispute the accuracy of our personal data, or if you refuse the deletion of your data and instead demand the restriction (e.g. in the case of advertising letters) then you can demand the restriction of processing from us. We will then set your data unlocked.
Art. 19 Notification obligations in connection with correction, deletion or restriction
We are obliged to inform all recipients of your data of any correction, deletion or restriction commissioned by you, insofar as this is possible and can be implemented with a reasonable effort. We will inform you about the recipients of your data if you request this.
Art. 20 Right to data transfer
You have the right at any time to ask our company to transfer your data to another responsible person. This applies to all master data that we keep about you. If this is technically possible, we will make the data record available in a common machine-readable format (e.g. *.csv).
Art. 21 Right of objection
If data processing is based on Art. 6 Para. I lit. f (so-called legitimate interest), you may object to the processing in this context.
Art. 77 Right to complain to a supervisory authority
You have the right at any time to complain to the data protection supervisory authority responsible for our company if you are of the opinion that we are in any way violating the provisions of the GDPR.
The following authority is responsible for EIKONA Mobile Apps GmbH:
Bayerisches Landesamt für Datenschutzaufsicht (BayLDA)
You can access the website of the data protection supervisory authority via the following link: https://www.lda.bayern.de/de/index.html
You can also use the following link (https://www.lda.bayern.de/de/beschwerde.html) for your compliant. 10. profiling In connection with the use of the HABBL App, there is no manual or automated profile creation in accordance with Art. 22 GDPR.
11. Actuality / status
Due to the further development of our services and offers or due to changed legal or official requirements, it may become necessary to amend this data protection declaration. You can access and print out the current data protection declaration at any time on our website or in the HABBL App under Settings / APP / Terms and Conditions.